[Microsoft Defender portal](https://security.microsoft.com)

denisebmsft · denisebmsft · commit e8d22515669f · 2025-02-24T14:56:22.000-08:00
diff --git a/defender-endpoint/attack-surface-reduction.md b/defender-endpoint/attack-surface-reduction.md
@@ -116,7 +116,7 @@ Whenever an attack surface reduction rule is triggered, a notification is displa
 
 Also, when certain attack surface reduction rules are triggered, alerts are generated.
 
-Notifications and any alerts that are generated can be viewed in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>.
+Notifications and any alerts that are generated can be viewed in the [Microsoft Defender portal](https://security.microsoft.com).
 
 For specific details about notification and alert functionality, see: [Per rule alert and notification details](attack-surface-reduction-rules-reference.md#per-asr-rule-alert-and-notification-details), in the article **Attack surface reduction rules reference**.
 
diff --git a/defender-endpoint/auto-investigation-action-center.md b/defender-endpoint/auto-investigation-action-center.md
@@ -42,7 +42,7 @@ The following table compares the new, unified Action center to the previous Acti
 |---------|---------|
 |Lists pending and completed actions for devices and email in one location <br/>([Microsoft Defender for Endpoint](microsoft-defender-endpoint.md) plus [Microsoft Defender for Office 365](/defender-office-365/mdo-about)|Lists pending and completed actions for devices <br/> ([Microsoft Defender for Endpoint](microsoft-defender-endpoint.md) only)   |
 |Is located at:<br/>[https://security.microsoft.com/action-center](https://security.microsoft.com/action-center)         |Is located at:<br/>[https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)     |
-| In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>, choose **Action center**. <p>:::image type="content" source="media/action-center-nav-new.png" alt-text="The navigation pane to the Action Center in the Microsoft Defender portal" lightbox="media/action-center-nav-new.png"::: | In the Microsoft Defender portal, choose **Automated investigations** > **Action center**. <p>:::image type="content" source="media/action-center-nav-old.png" alt-text="An older version of the navigation pane to the Action Center in the Microsoft Defender portal" lightbox="media/action-center-nav-old.png":::  |
+| In the [Microsoft Defender portal](https://security.microsoft.com), choose **Action center**. <p>:::image type="content" source="media/action-center-nav-new.png" alt-text="The navigation pane to the Action Center in the Microsoft Defender portal" lightbox="media/action-center-nav-new.png"::: | In the Microsoft Defender portal, choose **Automated investigations** > **Action center**. <p>:::image type="content" source="media/action-center-nav-old.png" alt-text="An older version of the navigation pane to the Action Center in the Microsoft Defender portal" lightbox="media/action-center-nav-old.png":::  |
 
 The unified Action center brings together remediation actions across Defender for Endpoint and Defender for Office 365. It defines a common language for all remediation actions, and provides a unified investigation experience.
 
@@ -57,7 +57,7 @@ You can use the unified Action center if you have appropriate permissions and on
 
 To get to the unified Action center in the improved Microsoft Defender portal:
 
-1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a> and sign in.
+1. Go to the [Microsoft Defender portal](https://security.microsoft.com) and sign in.
 
 2. In the navigation pane, select **Action center**.
 
diff --git a/defender-endpoint/configure-device-discovery.md b/defender-endpoint/configure-device-discovery.md
@@ -34,7 +34,7 @@ You can customize the list of devices that are used to perform standard discover
 
 ## Set up device discovery
 
-To set up device discovery, take the following configuration steps in <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>:
+To set up device discovery, take the following configuration steps in the [Microsoft Defender portal](https://security.microsoft.com):
 
 Navigate to **Settings** > **Device discovery**
 
diff --git a/defender-endpoint/configure-endpoints-gp.md b/defender-endpoint/configure-endpoints-gp.md
@@ -40,7 +40,7 @@ search.appverid: met150
 
 Check out [Identify Defender for Endpoint architecture and deployment method](deployment-strategy.md) to see the various paths in deploying Defender for Endpoint.
 
-1. Open the GP configuration package file (`WindowsDefenderATPOnboardingPackage.zip`) that you downloaded from the service onboarding wizard. You can also get the package from the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>:
+1. Open the GP configuration package file (`WindowsDefenderATPOnboardingPackage.zip`) that you downloaded from the service onboarding wizard. You can also get the package from the [Microsoft Defender portal](https://security.microsoft.com):
 
    1. In the navigation pane, select **Settings** > **Endpoints** > **Device management**  > **Onboarding**.
 
@@ -183,7 +183,7 @@ For security reasons, the package used to Offboard devices will expire 7 days af
 > [!NOTE]
 > Onboarding and offboarding policies must not be deployed on the same device at the same time, otherwise this will cause unpredictable collisions.
 
-1. Get the offboarding package from the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>:
+1. Get the offboarding package from the [Microsoft Defender portal](https://security.microsoft.com):
 
    1. In the navigation pane, select **Settings** > **Endpoints** > **Device management** > **Offboarding**.
 
@@ -220,7 +220,7 @@ With Group Policy there isn't an option to monitor deployment of policies on the
 
 ## Monitor devices using the portal
 
-1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>.
+1. Go to the [Microsoft Defender portal](https://security.microsoft.com).
 
 2. Select **Devices inventory**.
 
diff --git a/defender-endpoint/configure-endpoints-sccm.md b/defender-endpoint/configure-endpoints-sccm.md
@@ -234,7 +234,7 @@ If you use Microsoft Configuration Manager current branch, see [Create an offboa
 
 ### Offboard devices using System Center 2012 R2 Configuration Manager
 
-1. Get the offboarding package from <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>:
+1. Get the offboarding package from the [Microsoft Defender portal](https://security.microsoft.com):
     1. In the navigation pane, select **Settings** \> **Endpoints** \> **Device management** \>  **Offboarding**.
     1. Select Windows 10 or Windows 11 as the operating system.
     1. In the **Deployment method** field, select **System Center Configuration Manager 2012/2012 R2/1511/1602**.
diff --git a/defender-endpoint/configure-endpoints-script.md b/defender-endpoint/configure-endpoints-script.md
@@ -38,7 +38,7 @@ Check out [Identify Defender for Endpoint architecture and deployment method](de
 
 ## Onboard devices
 
-1. Open the configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>:
+1. Open the configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Microsoft Defender portal](https://security.microsoft.com):
 
    1. In the navigation pane, select **Settings** \> **Endpoints** \> **Device management** \> **Onboarding**.
    
@@ -103,7 +103,7 @@ For security reasons, the package used to offboard devices expires seven days af
 > [!NOTE]
 > Onboarding and offboarding policies must not be deployed on the same device at the same time. Otherwise, unpredictable collisions might occur.
 
-1. Get the offboarding package from <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>:
+1. Get the offboarding package from the [Microsoft Defender portal](https://security.microsoft.com):
 
    1. In the navigation pane, select **Settings** \> **Endpoints** \> **Device management** \> **Offboarding**.
    
@@ -138,7 +138,7 @@ Monitoring can also be done directly on the portal, or by using the different de
 
 ### Monitor devices using the portal
 
-1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>.
+1. Go to the [Microsoft Defender portal](https://security.microsoft.com).
 
 2. Select **Devices inventory**.
 
diff --git a/defender-endpoint/configure-machines-asr.md b/defender-endpoint/configure-machines-asr.md
@@ -35,7 +35,7 @@ ms.date: 12/18/2023
 
 > *Attack surface management card*
 
-The *Attack surface management card* is an entry point to tools in <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a> that you can use to:
+The *Attack surface management card* is an entry point to tools in the [Microsoft Defender portal](https://security.microsoft.com) that you can use to:
 
 - Understand how ASR rules are currently deployed in your organization.
 - Review ASR detections and identify possible incorrect detections.
@@ -50,7 +50,7 @@ Select **Go to attack surface management** \> **Reports** \> **Attack surface re
 > [!NOTE]
 > To access Microsoft Defender portal, you need a Microsoft 365 E3 or E5 license and an account that has certain roles on Microsoft Entra ID. [Read about required licenses and permissions](/defender-xdr/prerequisites).
 
-For more information about ASR rule deployment in <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>, see [Optimize ASR rule deployment and detections](configure-machines-asr.md).
+For more information about ASR rule deployment in the [Microsoft Defender portal](https://security.microsoft.com), see [Optimize ASR rule deployment and detections](configure-machines-asr.md).
 
 ## Related topics
 
diff --git a/defender-endpoint/configure-machines.md b/defender-endpoint/configure-machines.md
@@ -40,7 +40,7 @@ In the [Microsoft Defender portal](https://security.microsoft.com), go to **Endp
 
 *The device configuration management page*
 
-You can track configuration status at an organizational level and quickly take action in response to poor onboarding coverage, compliance issues, and poorly optimized attack surface mitigations through direct, deep links to device management pages on Microsoft Intune and <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>.
+You can track configuration status at an organizational level and quickly take action in response to poor onboarding coverage, compliance issues, and poorly optimized attack surface mitigations through direct, deep links to device management pages on Microsoft Intune and [Microsoft Defender portal](https://security.microsoft.com).
 
 In doing so, you benefit from:
 
@@ -88,6 +88,6 @@ If you have been assigned other roles, ensure you have the necessary permissions
 |:---|:---
 |[Get devices onboarded to Defender for Endpoint](configure-machines-onboarding.md)|Track onboarding status of Intune-managed devices and onboard more devices through Intune. |
 |[Increase compliance to the Defender for Endpoint security baseline](configure-machines-security-baseline.md)|Track baseline compliance and noncompliance. Deploy the security baseline to more Intune-managed devices. |
-| [Optimize ASR rule deployment and detections](configure-machines-asr.md)|Review rule deployment and tweak detections using impact analysis tools in <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>. |
+| [Optimize ASR rule deployment and detections](configure-machines-asr.md)|Review rule deployment and tweak detections using impact analysis tools in the [Microsoft Defender portal](https://security.microsoft.com). |
 
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
diff --git a/defender-endpoint/device-health-microsoft-defender-antivirus-health.md b/defender-endpoint/device-health-microsoft-defender-antivirus-health.md
@@ -66,7 +66,7 @@ To access the Device health and antivirus compliance report in the Microsoft Def
 
 To assign permissions, follow these steps:
 
-1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a> using account with Security administrator or Global administrator role assigned.
+1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com) using account with Security administrator or Global administrator role assigned.
 
 1. In the navigation pane, select **Settings** \> **Endpoints** \> **Roles** (under **Permissions**).
 
diff --git a/defender-endpoint/device-health-reports.md b/defender-endpoint/device-health-reports.md
@@ -65,7 +65,7 @@ To access the Device health and antivirus compliance report in the Microsoft Def
 
 To Assign these permissions:
 
-1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a> using account with Security administrator or Global administrator role assigned.
+1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com) using account with Security administrator or Global administrator role assigned.
 
 1. In the navigation pane, select **Settings** \> **Endpoints** \> **Roles** (under **Permissions**).
 
diff --git a/defender-endpoint/device-health-sensor-health-os.md b/defender-endpoint/device-health-sensor-health-os.md
@@ -53,7 +53,7 @@ To access the Device health and antivirus compliance report in the Microsoft Def
 
 To assign these permissions:
 
-1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a> using account with Security administrator or Global administrator role assigned.
+1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com) using account with Security administrator or Global administrator role assigned.
 
 1. In the navigation pane, select **Settings** \> **Endpoints** \> **Roles** (under **Permissions**).
 
diff --git a/defender-endpoint/linux-support-events.md b/defender-endpoint/linux-support-events.md
@@ -28,7 +28,7 @@ ms.date: 10/11/2024
 - Microsoft Defender for Endpoint Server
 - [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint)
 
-This article provides some general steps to mitigate missing events or alerts in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>.
+This article provides some general steps to mitigate missing events or alerts in the [Microsoft Defender portal](https://security.microsoft.com).
 
 Once **Microsoft Defender for Endpoint** has been installed properly on a device, a _device page_ will be generated in the portal. You can review all recorded events in the timeline tab in the device page, or in advanced hunting page. This section troubleshoots the case of some or all expected events are missing.
 For instance, if all _CreatedFile_ events are missing.
diff --git a/defender-endpoint/mac-install-manually.md b/defender-endpoint/mac-install-manually.md
@@ -48,16 +48,20 @@ Download the installation and onboarding packages from Microsoft Defender portal
 
 [!INCLUDE [Defender for Endpoint repackaging warning](../includes/repackaging-warning.md)]
 
-1. In <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>, go to **Settings > Endpoints > Device management > Onboarding**.
+1. In the [Microsoft Defender portal](https://security.microsoft.com), go to **Settings > Endpoints > Device management > Onboarding**.
+
 2. In Section 1 of the page, set operating system to **macOS** and Deployment method to **Local script**.
+
 3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
+
 4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
    :::image type="content" source="media/onboarding-package-step4.png" alt-text="Screenshot that shows the options to download the installation and onboarding packages.":::
 
 5. From a command prompt, verify that you have the two files.
     - Type *cd Downloads* and press **Enter**.
     - Type *ls* and press **Enter**.
      :::image type="content" source="media/Terminal-image-step5.png" alt-text="Screenshot that displays the two download files.":::
+
 6. Copy the *wdav.pkg* and *MicrosoftDefenderATPOnboardingMacOs.sh* to the device where you want to deploy the Microsoft Defender for Endpoint on macOS.
 
 ## Application installation (macOS 11 and newer versions)
diff --git a/defender-endpoint/manage-auto-investigation.md b/defender-endpoint/manage-auto-investigation.md
@@ -58,7 +58,7 @@ Whether taken automatically or upon approval, an automated investigation and rem
 
 ## Review pending actions
 
-1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a> and sign in.
+1. Go to the [Microsoft Defender portal](https://security.microsoft.com) and sign in.
 
 2. In the navigation pane, choose **Action center**.
 
@@ -90,7 +90,7 @@ For incidents with a remediation status of **Pending approval**, you can also ap
 
 ## Review completed actions
 
-1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a> and sign in.
+1. Go to the [Microsoft Defender portal](https://security.microsoft.com) and sign in.
 
 2. In the navigation pane, choose **Action center**.
 
diff --git a/defender-endpoint/manage-security-policies.md b/defender-endpoint/manage-security-policies.md
@@ -53,7 +53,7 @@ The following list provides a brief description of each endpoint security policy
 
 ## Create an endpoint security policy
 
-1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a> using at least a Security Administrator role.
+1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com) using at least a Security Administrator role.
 
 2. Select **Endpoints > Configuration management > Endpoint security policies** and then select **Create new Policy**. 
 
diff --git a/defender-endpoint/mde-security-settings-management.md b/defender-endpoint/mde-security-settings-management.md
@@ -67,7 +67,7 @@ The following list provides a brief description of each endpoint security policy
 
 ## Create an endpoint security policy
 
-1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a> using at least a Security Administrator role.
+1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com) using at least a Security Administrator role.
 
 2. Select **Endpoints** > **Configuration management** > **Endpoint security policies** and then select **Create new Policy**. 
 
diff --git a/defender-endpoint/network-devices.md b/defender-endpoint/network-devices.md
@@ -33,7 +33,7 @@ ms.date: 01/02/2025
 > [!NOTE]
 > The [Network device discovery and vulnerability assessments](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/network-device-discovery-and-vulnerability-assessments/ba-p/2267548) Blog \(published 04-13-2021\) provides insights into the new **Network device discovery** capabilities in Defender for Endpoint. This article provides an overview of the challenge that **Network device discovery** is designed to address, and detailed information about how get started using these new capabilities.
 
-Network discovery capabilities are available in the **Device inventory** section of the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a> and Microsoft Defender XDR consoles.
+Network discovery capabilities are available in the **Device inventory** section of the [Microsoft Defender portal](https://security.microsoft.com) and Microsoft Defender XDR consoles.
 
 A designated Microsoft Defender for Endpoint device is used on each network segment to perform periodic authenticated scans of preconfigured network devices. Once discovered, vulnerability management capabilities in Defender for Endpoint provide integrated workflows to secure discovered switches, routers, WLAN controllers, firewalls, and VPN gateways.
 
diff --git a/defender-endpoint/office-365-microsoft-defender-antivirus.md b/defender-endpoint/office-365-microsoft-defender-antivirus.md
@@ -74,7 +74,7 @@ Microsoft Defender for Office 365 integrated with Microsoft Defender for Endpoin
 
     SO
 
-- Your security operations team can see a list of devices that are used by the recipients of any detected URLs or email messages, along with recent alerts for those devices, in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>.
+- Your security operations team can see a list of devices that are used by the recipients of any detected URLs or email messages, along with recent alerts for those devices, in the [Microsoft Defender portal](https://security.microsoft.com).
 
 ## More good reasons to use OneDrive
 
diff --git a/defender-endpoint/onboarding-endpoint-configuration-manager.md b/defender-endpoint/onboarding-endpoint-configuration-manager.md
diff --git a/defender-endpoint/production-deployment.md b/defender-endpoint/production-deployment.md
diff --git a/defender-endpoint/troubleshoot-asr-rules.md b/defender-endpoint/troubleshoot-asr-rules.md
diff --git a/defender-endpoint/user-roles.md b/defender-endpoint/user-roles.md
